Hey,
I have an rsyslog server which will accept everything that wants to log TLS
encrypted data to it. (Server - anon, Client - x509/name)

It turned out the Internet is much more interested in spamming my logging server
than I thought when doing the implementation.
So now I'm getting a lot of:

```
gnutls returned error on handshake: An unexpected TLS packet was received.
unexpected GnuTLS error -110 in nsdsel_gtls.c:178: The TLS connection was non-properly terminated.
unexpected GnuTLS error -15 in nsdsel_gtls.c:178: An unexpected TLS packet was received.
gnutls returned error on handshake: Error in the pull function.
```

At some point I couldn't send any more logs before restarting rsyslog.
The service was still running and there were no exceptional logs to relate
to that, besides the upper ones which occur in working conditions also.

Even if I introduce client authentication on the server side, that
wouldn't help much against bad TLS packets from unexpected clients.

Anyways, would like to hear your thoughts on how to harden an anon server.
Is it possible to drop connections by log content?
Or perhaps install some kind of an application layer firewall to
protect rsyslog?

Be Well,
Alan